New York — Allianz Life Insurance Company of North America confirmed that a cyber-attack compromised the personal data of the majority of its 1.4 million customers in the United States. The breach, which occurred on July 16, 2025, involved hackers gaining unauthorized access to a third-party, cloud-based customer relationship management (CRM) system through a social engineering attack, the company disclosed.
Allianz’s German parent company stated that the attackers obtained personally identifiable information related to customers, financial professionals, and select employees of Allianz Life. The breach was confined to Allianz Life and did not affect other Allianz entities or the company’s core policy administration systems, the insurer said.
The company disclosed the incident in a legal filing with the attorney general of Maine but did not provide an exact number of individuals impacted. Allianz said it took immediate steps to contain the breach and notified the FBI for investigation.
Social engineering attacks—where attackers manipulate individuals into revealing confidential information by impersonating trusted sources—are a growing threat to data security. Allianz’s experience highlights how even major firms remain vulnerable when third-party vendors become entry points for cyber criminals.
With more than 125 million customers worldwide, Allianz emphasized its commitment to assisting those affected, offering support to mitigate risks such as identity theft or fraud.
This breach underscores the urgent need for tighter cybersecurity measures, particularly surrounding third-party services, as hackers increasingly exploit human factors rather than technical flaws. Companies must rethink their defense strategies to counteract social engineering, which bypasses conventional safeguards and threatens sensitive customer data on a massive scale.
According to BBC, the company continues to investigate the full scope of the attack and its consequences, while reinforcing security protocols to prevent future incidents.
